| From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
|---|---|
| To: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c) |
| Date: | 2021-07-11 19:51:04 |
| Message-ID: | CAEudQAoWq+AL3BnELHu7gms2GN07k-np6yLbukGaxJ1vY-zeiQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
While analyzing a possible use of an uninitialized variable, I checked that
*_bt_restore_page* can lead to memory corruption,
by not checking the maximum limit of array items which is
MaxIndexTuplesPerPage.
It can also generate a dangling pointer by incrementing it beyond the
limits it can point to.
While there, I promoted a reduction of scope and adaptation of the type of
the *len* parameter to match XLogRecGetBlockData function.
pass regress check at Windows and check-world at Linux.
regards,
Ranier Vilela
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-_bt_restore_page-have-issues-can-lead-a-memory-corru.patch | application/octet-stream | 2.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2021-07-11 22:19:47 | Re: Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c) |
| Previous Message | Euler Taveira | 2021-07-11 19:48:26 | Re: row filtering for logical replication |